Healthcare Technology Featured Article

March 04, 2014

UK's NHS Hospital Patient Database Uploaded to Google, MPs Question How


The issue of information in hospitals is one that's not only emotionally charged on all sides, but one that represents both major risks and rewards at the same time. While having all this information on hand is extremely valuable in terms of providing the best care possible, having all this information on hand is a honey pot of legendary proportions for identity thieves. So when the entire hospital patient database for the U.K's National Health Service (NHS) got uploaded to management consultants via Google servers outside the U.K's purview, the question turned to terms of “How?”

The data in question had been obtained, according to reports, by PA Consulting, who secured the dataset across all “three areas of collection – inpatient, outpatient, and A&E,” and routed the whole thing through Google tools, a process that took “a couple of weeks,” according to reports. The data in question was sufficiently substantial to require 27 DVDs worth of storage, yet generated substantial results for PA Consulting. PA Consulting noted that after just two weeks with the Google tools, the group was “...able to produce interactive maps directly from hospital episode statistics (HES) queries in seconds.”

Impressive, certainly, but both privacy experts and campaigners expressed concern, wondering how these maps could have been produced without providing location data from the patient information files, a development that would be distressing for any to note that said location data is now just “out there.” Worse, it's only part of a growing movement to get access to such information, which has been seen coming from government departments and an array of private industry sources like actuaries and pharmaceutical makers.

This has led to plenty of questioning—particularly from Member of Parliament (MP) Dr. Sarah Wollaston, who took to Twitter saying “So HES data uploaded to 'Google’s immense army of servers', who consented to that?”--about just what kind of protections are in place for all those regular people who comprise the records in question. Patient groups have even been working for more transparency in the system, including full disclosure on all the groups that have gained access to patient records going as far back as 2010. A new plan from NHS England is being delayed while studies carry on, and there are plans to reduce individual records down to unique identifiers that are less personally identifiable. But some say that it really doesn't do the job, instead engaging in “pseudonymisation,” a process by which personal identifiers are removed, just not enough to render the person to which the remaining identifiers refer fully anonymous.

It's a distressing tipping point at work here: while having the information can render some substantial new benefits there's so much risk inherent in it that it's almost not worth doing in the first place. All this information together in one place is like one-stop shopping for identity thieves on literally a national scale; it is the Crown Jewels of identifiable data. But at the same time, there's so much potential for good here. Underserved areas can be rapidly spotted via geographic data, age data can provide a need to focus on geriatric or pediatric care, and a host of other points can be likewise garnered.

Protecting patient data is incredibly important. Yet at the same time, offering up this information could generate substantial benefit not just to the users but to society as a whole. Trying to balance these points requires careful consideration and transparency above all.




Edited by Cassandra Tucker
Get stories like this delivered straight to your inbox. [Free eNews Subscription]




SHARE THIS ARTICLE



FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]